To structure our comments we have posed several questions, some taken from the recent Institute of Directors Seminar, plus some of our own.

  In general terms we have assumed that a duty of care is owed by the business to employees or others affected by its activities.

  Our general themes are that:

  1.  The basis of the new offence must be clear. Relying on case law to identify how the tests will work in practice is not sufficient.

  2.  There is a need to "sell" the new offence to business so they appreciate the real motives behind the bill and what is covered and what is not. The need for a "conscientious approach" to health & safety must be spelt out; otherwise businesses will not know what is expected of them, different to what they are doing now.

IS THE DEFINITION OF THE TERM "SENIOR MANAGER" CLEAR?

  Yes, we believe so—as far as it can be. The wide variety of different organisational structures and responsibility allocations are too numerous to describe in specific terms; so a general explanation is necessary. We believe that the tests currently included are valid:

—  Play a role in making management decisions about, or actually managing, the activities of the organisation as a whole or a substantial part of it.

—  The person to play a "significant" role.

—  The person to be managing a "substantial" part of the organisation.

  The draft bill is correct in its intention to criminalise under the new offence management failings that can be associated with the organisation as a whole. The offence is rightly targeted at failings in the strategic management of organisations activities, rather than failings at relatively junior levels. However, that is acceptable if those junior level failings are not the result of higher level "cultures" or a de-focus within the organisation on the management of health & safety risks.

  There is an issue regarding the responsibilities of "senior managers", which it is being stated is not a valid test further down the organisation. But "senior management" within that business unit and/or the parent business may heavily influence a decision taken further down the organisation or within a subsidiary or division. What the prosecutors will be looking for is a systemic failure throughout the business, and not an individual decision by a manager at a lower level. What will be the situation if the "senior managers" do not tackle the clear failings within a particular part of the business, where the actions of a "middle" manager may be contrary to corporate policies/processes? Will a failure to act by senior management be seen as a gross breach?

WILL THE NEW OFFENCE WORK SMOOTHLY ALONGSIDE EXISTING HEALTH & SAFETY LEGISLATION?

  Yes, we believe so, provided as outlined above, the expected response from businesses is to create a better "safety culture" and manage health & safety risks as part of an overall risk management, corporate governance, business and operational process approach, rather than a risk averse "tick the box" approach.

  Current specific requirements are as follows and should be clearly communicated to businesses, as being very relevant to the new offence:

  HSWA Section 6 re the provision of goods and services to others re the health & safety of those goods and services (linked to Consumer Protection Act)

  HSWA Section 7 re the responsibility of an individual employee to take care of their own health & safety as it affects himself or herself and other affected by their activities. What if they do something that is outside all the businesses policies/processes/training etc? There is also a link to Regulation 8 of the Management Regulations re serious, imminent and unavoidable danger and what management and employees have to do in response. Does industrial action, including "go slows" and "working to rule" infringe Section 7?

  HSWA Section 37 re proceedings against "director, manager, secretary or other similar officer"

  There needs to be consistency in the criteria applied by those initiating prosecution under s 37. Unjustified and poorly judged prosecutions of managers may lead to their refusal to accept explicit responsibility for overseeing health & safety.

WILL THE PROPOSED NEW OFFENCE CREATE A MORE LEVEL PLAYING FIELD?

  Yes, in theory. The existing situation where the "controlling mind" in smaller businesses is much easier to identify than in larger businesses, hence the successful prosecution of individual directors in smaller businesses needs to be addressed. However, because the existing offence is not being removed, smaller businesses will still have "two offences" to concern themselves with; the existing offence and the new offence. Whereas, larger businesses will "only", in reality have the new offence to worry about.

  Additionally larger organisations will be able to apply resources to any new approach/programme that is required in response to the new offence (see below). However, the longer and more complicated chain of command in large organisations makes it much more likely that unseen/unknown management failures are in existence. A strict legal compliance approach will not identify potential management failures.

  The bottom line is whether it is clear to all businesses what is actually required to remove the possibility of a prosecution. The draft bill talks about gross breaches and infers that only decisions/policies laid down by senior management will be relevant, rather than a symptomatic system/process/technical failure brought about as a result of senior management de-focus on health & safety that does not discourage a de-focus further down the management chain.

  Although some do not agree with the notion of a description of good/best practice, we believe that a clear communication to all businesses is required if they are to understand what is expected of them. We all know that there are a wide range of approaches to health & safety. Ranging from at one end a complete disregard for regulations and no actual health & safety programme at all (apart from maybe a short "policy" copied from another organisation or web site, but not adapted to the business), to at the other end a full identification of how the business is creating health & safety risks, a health & safety risk management system that is related to the needs of the business and the integration of health & safety at all levels and in all aspects of the business.

  Given that the draft bill says that there will not be any additional health & safety regulations and that any prosecutions will be related to existing requirements; at which end of the above spectrum will "compliance" be acceptable and the business deemed to have "done enough" to ensure that a senior management gross breach cannot have taken place?

SHOULD ANY NEW LAW APPLY EQUALLY TO THE PUBLIC SECTOR?

  Yes, and we believe that it does. If any part of the economy is excluded, then there will not be a "level playing field" and the public sector should be a good/best practice reference point for other parts of the economy. However, in our experience the public sector adopts a more risk averse "tick in the box" approach rather than a robust management led "business" focused and integrated health & safety risk management system. Going forward this type of approach will not be sufficient.

SHOULD ANY NEW LAW APPLY TO UNINCORPORATED ENTITIES (PARTNERSHIPS, ETC)?

  Yes. Unincorporated bodies eg trades unions and charities operate significant undertakings that can create health & safety and other risks, in the same way as incorporated bodies. It would not be a "level playing field" if they were excluded. As the draft bill is not imposing any new requirements, unincorporated bodies should be currently compliant with health & safety regulations, so no additional burdens are being imposed. Additionally, any attempt to exclude them would be seen as a statement that the activities of unincorporated bodies are not part of the normal economy and should a gross breach take place that is of no concern in the wider context. Other businesses may also decide to "outsource" "risky" activities to unincorporated bodies to avoid the consequences of any new offence.

IS IT CORRECT THAT THE PROPOSED NEW OFFENCE IS NOT TARGETED AT INDIVIDUAL DIRECTORS?

  Yes, for the following reasons:

—  The existing law covers those breaches related to a "controlling mind".

—  It is normally a management systems failure or a failure of leadership or management commitment—people, money, time—that causes a breach, not normally the actions of a single person acting totally outside the business systems/culture/directions etc.

—  If a single person, even a senior manager commits a serious breach outside all actual/written management systems and training/guidance given to that individual, then the organisation should not be liable, unless it is evident that the manager was acting as expected ie the written rules etc say one thing, but in reality the action expected is the opposite.

SHOULD CONSIDERATION BE GIVEN TO MORE INNOVATIVE PENALTIES THAN FINES AGAINST THE COMPANY?

  Yes and No.

  No, as money talks, plus the reputation risks and business risks are follow-on penalties anyway. As many businesses are managed on the "numbers" only—turnover/profit/growth in sales etc—then hitting them with a financial penalty will generally affect the business results—it will almost always affect the performance payments of the senior managers.

  Yes. The draft bill makes provision for the courts to impose remedial orders as currently. But, specific actions should be required eg to agree a plan of action and submit it for approval to the appropriate regulatory body. However, that would run the risk of those saying "ok" to the action plan eg HSE not being able to subsequently take action against that business if a breach occurred in the future. No two cases are alike, but it is possible to foresee a situation where the business has implemented everything that was agreed with the regulator, but then another serious breach occurs. That would place the regulatory authority in a very difficult position.

  The action plan must not be just "comply with regulations", but should approach the situation from a strategic risk management point of view, placing the management of health & safety within that business on an equal and integrated footing as with all other business processes. But do the regulators across the board understand what a strategic and integrated approach means and what actual "actions" should be prescribed? Additionally the "actions" should not just be related to the serious breach but should take a broader view looking at the way that the business is managing it's health & safety risks at a corporate/senior management level for the whole business. A reactive action plan responding just to the serious breach is not appropriate.

WILL THE CREATION OF A NEW OFFENCE OF CORPORATE MANSLAUGHTER RAISE THE PROFILE OF HEALTH AND SAFETY AT BOARD LEVEL?

  Yes. Provided that the communication of what a business has to do to comply with the new act is made clear. See above. Leaving it unclear—relying on the wording of the act—is not satisfactory, as businesses will only learn what is required as a result of case law ie a reactive approach, rather than a positive pro-active approach. It is stated that the purpose of the bill is not to increase the number of prosecutions, but to encourage businesses to manage health & safety risks so that serious breaches (and therefore deaths etc) do not occur. However, without a clear description of the types of controls and management systems principles that are expected eg a strategic health & safety risk management approach, rather than a risk averse, "tick the box" approach, then businesses will not understand—and will not take steps to undertake the additional actions expected.

  We question however whether a new "Code" is required, as HSG65 and other documents eg INDG343—Directors responsibilities; already make it clear what is required? In our experience many, many businesses are not even aware of those documents, yet still believe they are fully compliant. So under the draft bill is "compliance" related to specific requirements (eg undertaking risk assessments) or the more general requirements spelt out in the above documents? Would it be a gross breach if the above documents were not used to define a strategic health & safety management system for the business or only if a particular risk assessment was not undertaken, resulting in the risk of a particular activity not being identified and gross breach taking place?

  The official view being expressed is that the bill does not "create any new standards . . . it is not about having to do different things . . . but about doing current things differently". How a business manages and organises its activities, with particular reference to managing health & safety risks, is crucial. The introduction to the draft bill states "This is important for an offence that is likely to be based on what an organisation has failed to do". How "differently" and what this means, needs to be spelt out, especially given the requirements of the 1974 HWSA and the Management Regulations.

IS THE TEST FOR THE NEW OFFENCE APPROPRIATE?

  Yes, in theory. But it does not necessarily require a "gross breach, for someone to die! The difference between an "incident" (non injury accident or property damage) and a death can be "inches" or "seconds" or "being in the wrong place at the wrong time", especially where the business knew that the risk existed but not at a very high level, as "they had been lucky". However, both an incident and a death can be caused by a management failure; but not necessarily a gross breach.

  We believe that a new concept of "gross carelessness" should be introduced because it is not necessarily a deliberate act/intent of the business to defocus on health & safety, but rather a general culture within the business not to focus on health & safety (and often other internal controls as well) and focus on "profit, profit, profit", or something similar. We do however, agree that the new offence based on the current offence of gross negligent manslaughter is a valid approach, but believe that it could be widened to include "gross carelessness".

  The introduction to the draft bill states, "The offence is (however) designed to capture truly corporate failings in the management of risk, rather than purely local ones. It therefore applies to management failings by an organisations senior managers—either individually or collectively". It is appropriate to introduce statutory criteria to assist in defining organisations culpability.

  The "tests" being proposed are set out below and we have included comment where we believe improvements are possible:

—  Conduct falling far below what can be reasonably be expected in the circumstances—this is consistent with current arrangements and is appropriate.

—  Jury must decide if there is evidence that:

—  The organisation failed to comply with any relevant health & safety legislation or guidance—does this mean specific or general advice? We have made the point elsewhere that significant guidance eg HSG65 and INDG343 is available, but would an organisation be culpable if these documents had been not used to determine how health & risks were managed, or only more specific legislation/guidance eg a particular risk assessment or subsequent safe system of work had not been properly introduced?

—  How serious was the failure to comply—this would be very difficult to determine other than in each case, but would not help organisations understand what they should do in response to the new offence, as a pro-active approach.

—  Whether or not the senior managers of the organisation:

—  Knew, or ought to have known, that the organisation was failing to comply with that legislation or advice—again not clear as to whether specific requirements or general requirements would be included

—  Were aware, or ought to have been aware of the risk of death or serious harm posed by the failure—again not clear what general or specific requirements are relevant. If the senior managers had an upwards reporting process that detailed accidents/incidents and that health & safety compliance was "ok", would senior managers be culpable if they did not have in place a monitoring/review process separate to existing upward reporting processes, as spelt out in HSG65?

—  Sought to cause the organisation to profit from the failure—as mentioned elsewhere we believe there are two choices with this test.

1.  Change the word "profit" to "benefit", which is a more appropriate word for all bodies included under the draft bill.

2.  Delete the "test" completely as it is not necessarily a conscious decision to de-focus on health & safety to "profit/benefit" the organisation, that makes an organisation culpable. For example in the case of the Herald of Free Enterprise, was there a conscious decision to leave the bow doors open to "profit" the organisation, or was it a management failure that prevented warning mechanisms being installed/repaired that allowed the doors to be open, unknown to the captain? Would that "decision process" now fall within the scope of the new offence? If it does not then the draft bill "tests" need to be re-considered. In our experience businesses mostly do not deliberately decide to put people lives at risk and allocate resources—people, money, time—to other business activities, leaving clear potential risks that could cause accidents not controlled. The lack of focus is very often based on the assumption, unfortunately confirmed in many cases by the health & safety specialist, that the business is compliant and everything is covered! Removing the test completely would allow prosecutions in cases where no clear causal link could be established to still proceed with a prosecution.

WILL THE CREATION OF A NEW OFFENCE OF CORPORATE MANSLAUGHTER PROMOTE BETTER HEALTH AND SAFETY PERFORMANCE?

  Yes, it has to otherwise the real intent of the bill has not been realised. If, as mentioned before the actions required as a result of the introduction of the new offence are communicated well and businesses are clear what they have to do. Otherwise the new offence will be seen by many businesses as another "stick to hit them with", another burden/more red tape, rather than a positive proactive initiative that well run and responsible businesses have nothing to fear from. However, it must also be made clear whether "double jeopardy" could apply ie could the body corporate be prosecuted under the new offence and individual directors also prosecuted under the existing offence—for the same accident/loss.

  The official view is that if a business has adopted a "conscientious approach" to health & safety, then that business will not be liable under the new offence. The bill is not intended to deal with every workplace death, only the worse cases where a business has "played fast and loose" (our term) with the health & safety of its employees and others to whom it owes a duty of care. But what is meant by a non-conscientious approach? Businesses need to know what that will look like. Our view is that a business should have to demonstrate that is has included health & safety as part of its strategic risk management of the business and integrated the management of health & safety risks with its organisational, people management, business, commercial and operational policies and processes. "Tick the box" risk averse approaches should not be regarded as "conscientious".

17 June 2005